Cookie&Session理解与应用

曾经浏览
购物案例
防止重复提交
图片验证

●cookie
1.获得cookie
·javax.servlet.http.Cookie类用于创建一个Cookie
  Cookie cookie = new Cookie(name,value);
·Response接口中定义了一个方法用于发送一个Cookie
  response.addCookie(cookie);
·Request接口中定义了一个方法用于获得Cookie
  request.getCookies();  //获得浏览器发送的所有cookie
2.cookie的方法
·setValue()设置Cookie的值
·setMaxAge()设置Cookie有效时间,如果不设置，默认在浏览器进程有效
·setDomain()设置域  访问的主机
·setPath()    设置有效路径  设置为web应用名的话则 此web应用下所有的servlet均可以访问此cookie
3.cookie细节
·子路径可以访问父路径设置的cookie，所以跳转到父目录时访问不到 可以用cookie.setPath("/day07");设置
·cookie只能保存一条信息 所以new的时候Cookie(name,value);
·getCookies方法如果没有cookie时返回的是空而不是空数组
·cookie最大4k
·一个浏览器最多放300cookie
·setMaxAge(0)表示通知浏览器立即删除
例子：
1.显示用户上次访问时间-------------------------------------------------------------------
package cn.itcast.cookiedemo;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Date;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CookieDemo1 extends HttpServlet {

 public void doGet(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  
  // 获得输出流
  response.setContentType("text/html;charset=utf-8");
  PrintWriter out = response.getWriter();
  

  // 显示用户上次的访问时间
  // 获得 Cookie
  // 1. 获得所有的Cookie
  Cookie[] cookies = request.getCookies();
  String lastAccessTime = null;
  // 2. 循环遍历所有的 Cookie 找有没有 lastAccessTime
  for(int i=0; cookies!=null&&i<cookies.length; i++) {
   if("lastAccessTime".equals(cookies[i].getName()))
    // 找到了
    lastAccessTime = cookies[i].getValue();
  }
  // 3. 判断是否找到指定的 cookie
  if(lastAccessTime==null)
   // 第一次访问
   out.write("您是第一次光临本站!!!");
  else
   // 以前访问过
   out.write("您上次访问时间是: " + lastAccessTime);
  
  
  // 发送一个cookie  记住本次访问时间
  // 1. 获得当前时间
  String now = new Date().toLocaleString();
  // 2. 创建 Cookie 对象
  Cookie cookie = new Cookie("lastAccessTime", now);
  // 为了让 用户缓存当前 cookie 需要设置有效时间
  cookie.setMaxAge(60*5);
  // setMaxAge 如果设置为0,则是命令浏览器立即删除该cookie
  //cookie.setMaxAge(0);
  // 如果Cookie想对全站有效  需要设置有效路径
  cookie.setPath("/day07");
  // 3. 将 cookie 发送给浏览器
  response.addCookie(cookie);
 }

 public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  doGet(request, response);
 }
}
2.显示用户最近浏览过的商品-------------------------------------------------------------------
package cn.itcast.cookiedemo;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;
import java.util.Map.Entry;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.itcast.domain.Book;
import cn.itcast.domain.DB;

public class CookieDemo2 extends HttpServlet {

 public void doGet(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {

  // 罗列出所有的商品
  response.setContentType("text/html;charset=utf-8");
  PrintWriter out = response.getWriter();
  
  out.write("本站提供如下商品:<br>");
  Map<String, Book> all = DB.getAll();
  for(Entry<String, Book> e :all.entrySet()) {
   Book book = e.getValue();
   out.write("<a href='/day07/servlet/CookieDemo3?bookid="+book.getId()+"' target='_blank'>"+book.getName()+"</a><br>");
  }
  
  
  // 读取 cookie
  Cookie[] cookies = request.getCookies();
  String bookHistory = null;
  for(int i=0; cookies!=null&&i<cookies.length; i++) {
   if("bookHistory".equals(cookies[i].getName()))
    bookHistory = cookies[i].getValue();
  }
  
  if(bookHistory==null) {
   out.write("您还未浏览过任何商品");
   return ;
  }
  
  // 浏览过了
  out.write("<br>您曾经浏览过的商品:<br>");
  // 断开字符串 获得所有的id
  String[] ids = bookHistory.split("-");
  
  // 遍历 根据id查书名, 显示
  for(String id : ids) {
   Book book = DB.find(id);
   out.write(book.getName() + "<br>");
  }
 }

 public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  doGet(request, response);
 }

}
package cn.itcast.cookiedemo;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.itcast.domain.Book;
import cn.itcast.domain.DB;

public class CookieDemo3 extends HttpServlet {

 public void doGet(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  response.setContentType("text/html;charset=utf-8");
  PrintWriter out = response.getWriter();
  
  // 获得id
  String bookid = request.getParameter("bookid");
  
  // 根据id找到书
  Book book = DB.find(bookid);
  
  // 显示详细信息
  out.write("您查看的商品详细信息为:<br>");
  out.write("书名:" + book.getName() + "<br>");
  out.write("作者:" + book.getAuthor() + "<br>");
  out.write("售价:" + book.getPrice() + "<br>");
  out.write("描述:" + book.getDescription() + "<br>");

  // 发送cookie
  // 制造cookie
  String bookHistory = makeCookie(request, bookid);
  
  Cookie cookie = new Cookie("bookHistory", bookHistory);
  
  // 设置有效时间
  cookie.setMaxAge(60*60*24*5);
  
  response.addCookie(cookie);
  
 }

 private String makeCookie(HttpServletRequest request, String bookid) {
  // 获得ie发送的Cookie
  Cookie[] cookies = request.getCookies();
  String bookHistory = null;
  for(int i=0; cookies!=null&&i<cookies.length; i++) {
   if("bookHistory".equals(cookies[i].getName()))
    bookHistory = cookies[i].getValue();
  }
  
  // 要求 : 只显示最近3本
  // null   将bookid 返回
  if(bookHistory==null)
   return bookid;
  // 不为null
  // 将字符串断开 将id存入list
  String[] parts = bookHistory.split("-");
  List<String> l = Arrays.asList(parts);
  
  LinkedList<String> list = new LinkedList<String>();
  list.addAll(l);
  // 包含本次浏览的   本次浏览的放在第一个  1-2  2
  if(list.contains(bookid)) {
   // 先删除 再加到第一个
   list.remove(bookid);
   list.addFirst(bookid);
  }
  // 不包含本次浏览的
  // 3个  将末尾的删除  追加到第一个
  else if(list.size()==3) {
   list.removeLast();
   list.addFirst(bookid);
  }
  // 不足3个  追加到第一个   2-5  3   3-2-5
  else {
   list.addFirst(bookid);
  }
  // 以 "-" 连接成字符串
  StringBuilder sb = new StringBuilder();
  for(String id : list) {
   sb.append(id + "-");
  }
  sb.deleteCharAt(sb.length()-1);
  return sb.toString();
 }

 public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  doGet(request, response);
 }

}

●session
1.同进程共享session
·ie 访问 servlet
·servlet创建session并把sessionid保存到cookies中返回给ie
·此ie再次访问servlet ie找到cookies中的id并发送给servlet 就可以访问到刚才的session
·另一个ie访问servlet 由于cookies在当前浏览器进程有效所以找不着sessionid 传给servlet是空 所以servlet再创建一个session将id返回给浏览器
示例：
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class SessionDemo1 extends HttpServlet {

 public void doGet(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {

  // session 是个域对象 
  
  // session 是由服务器自动创建的  我们应用只能获得
  HttpSession session = request.getSession(); // true
  
  
  // 存点数据
  String name = request.getParameter("name");
  session.setAttribute("name", name);
  
  // 请求重定向
  response.sendRedirect("/day07/servlet/SessionDemo2");
 }

 public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  doGet(request, response);
 }

}
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class SessionDemo2 extends HttpServlet {

 public void doGet(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  
  HttpSession session = request.getSession(false); // 只是取session 如果没有就不创建
  
  if(session==null)
   return;
  
  String name = (String) session.getAttribute("name");
  
  response.getWriter().write(name);
 }

 public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  doGet(request, response);
 }

}

2.得到其他浏览器的session
·ie访问servlet
·servlet创建session并把sessionid保存到cookies中返回给ie 并且给此cookies设置有效时间
·另一个ie访问servlet 由于cookies找着了sessionid 传给servlet servlet就认为此ie对应此session 就允许访问此session中的内容
  我的理解：
  ie向servlet发送sessionid时要参考cookie
  由于参考，cookie可在本地存在半小时 新起一个ie就去参考这个cookie中的sessionid，那么我随便起只要是本地的ie就可以得到cookies中的sessionid就可以找到session了。
实现：
  //tomcat也在干new cookie这件事，只不过不给此cookie设置有效时间，所以本地的sessionid发送之后浏览器关闭cookies就没了
  //所以我们拿到这个sessionid，自己为浏览器创建一个cookies
  Cookie cookie = new Cookie("JSESSIONID", session.getId());
  //然后为自己创建的这个cookies设置了有效时间，以后只要是本地的ie就都可以访问这个session了
  cookie.setMaxAge(60*60*5);

  那本地肯定有一堆cookie 里面有一堆sessionid 那么浏览器是如何知道要发送哪个sessionid 所以cookies中有一个url地址可以告诉浏览器在访问哪个servlet时候发送哪个sessionid
 
  既然tomcat也在new cookie发送给浏览器 我也在servlet中new cookie发送给浏览器 而且sessionid和url都是一样的
  但是tomcat创建的cookie在关闭浏览器之后就删除了所以最后只留下我在servlet中给浏览器发送的cookies
  但是在浏览器未关闭时，本地就保存了两个cookie

3.session也是通过cookie来获得sessionid的，当禁用cookie时可以通过
  String url = response.encodeRedirectURL("/day07/servlet/ListCartServlet");
  String url = response.encodeURL("/day07/servlet/BuyServlet?id="+book.getId());
  来在url中加sessionid

4.session.invalidate();销毁session对象
  session.removeAttribute("user");删除session对象中的某个内容

5.session的实效时间的配置此时一分钟实效
  在web.xml中web-app标签下加
  <session-config>
 <session-timeout>1</session-timeout>
  <session-config>
 
例子：-------------------------------------------------------------------
简单购物车
分析：点击链接即将物品放入购物车，购物车存在session中，购物车中放一个list,list中放物品对象。
package cn.itcast.sessiondemo;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;
import java.util.Map.Entry;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.itcast.domain.Book;
import cn.itcast.domain.DB;

public class ListServlet extends HttpServlet {

 public void doGet(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {

  // 罗列出所有的商品
  response.setContentType("text/html;charset=utf-8");
  PrintWriter out = response.getWriter();
  
  // 使用一下session
  request.getSession(); // 第一次没有 创建Session
  
  out.write("本站提供如下商品:<br>");
  Map<String, Book> all = DB.getAll();
  for(Entry<String, Book> e :all.entrySet()) {
   Book book = e.getValue();
   String url = response.encodeURL("/day07/servlet/BuyServlet?id="+book.getId());
   out.write("<a href='"+url+"' target='_blank'>"+book.getName()+"</a><br>");
  }
  
 }

 public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  doGet(request, response);
 }

}
package cn.itcast.sessiondemo;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import cn.itcast.domain.Book;
import cn.itcast.domain.DB;

public class BuyServlet extends HttpServlet {

 public void doGet(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  // 处理用户的购买请求
  // 获得id
  String id = request.getParameter("id");
  
  // 根据id查找book
  Book book = DB.find(id);
  
  // 获得购物车
  HttpSession session = request.getSession(); // 第二次不创建  是获得
  List cart = (List) session.getAttribute("cart");
  
  // 如果是第一次来  Session中是空的
  if(cart==null) {
   // 创建购物车对象  存入Session
   cart = new ArrayList();
   session.setAttribute("cart", cart);
  }
  
  // 将书放入购物车
  cart.add(book);
  
  // 发送 Cookie 设置有效时间
  Cookie cookie = new Cookie("JSESSIONID", session.getId());
  cookie.setMaxAge(60*60*5);
  response.addCookie(cookie);
  
  // 跳转到购物车页面
  String url = response.encodeRedirectURL("/day07/servlet/ListCartServlet");
  response.sendRedirect(url);
 }

 public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  doGet(request, response);
 }

}
package cn.itcast.sessiondemo;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import cn.itcast.domain.Book;

public class ListCartServlet extends HttpServlet {

 public void doGet(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  // 显示购物车的商品
  response.setContentType("text/html;charset=utf-8");
  PrintWriter out = response.getWriter();
  
  // 获得购物车
  HttpSession session = request.getSession(); // 拿着id去找session
  
  List<Book> cart = (List) session.getAttribute("cart");
  
  if(cart==null) {
   out.write("您还没有购买任何商品");
   return ;
  }
  
  // 遍历购物车中商品
  out.write("您购买了如下商品:<br>");
  for(Book book : cart) {
   out.write(book.getName() + "," + book.getPrice() + "<br>");
  }
 }

 public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  doGet(request, response);
 }

}

用户登录
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>用户登陆页面</title>
  </head>
 
  <body style="text-align: center;">
   ${message }
    <form action="/day07/servlet/LoginServlet" method="post">
     <table border="1" width="600px">
      <tr>
       <td>用户名</td>
       <td>
        <input type="text" name="username">
       </td>
      </tr>
      <tr>
       <td>密码</td>
       <td>
        <input type="password" name="password">
       </td>
      </tr>
      <tr>
       <td>
        <input type="reset" value="重置">
       </td>
       <td>
        <input type="submit" value="用户登陆">
       </td>
      </tr>
     </table>
    </form>
  </body>
</html>
package cn.itcast.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.itcast.domain.DB;
import cn.itcast.domain.User;

public class LoginServlet extends HttpServlet {

 public void doGet(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {

  request.setCharacterEncoding("utf-8");
  
  // 获得用户名和密码
  String username = request.getParameter("username");
  String password = request.getParameter("password");
  
  // 检查用户名和密码
  // 根据用户名获得user
  User user = DB.findUser(username);
  if(user==null) {
   // 登陆失败
   request.setAttribute("message", "用户名不存在");
   request.getRequestDispatcher("/login.jsp").forward(request, response);
   return ;
  }
  if(!user.getPassword().equals(password)) {
   request.setAttribute("message", "密码错误");
   request.getRequestDispatcher("/login.jsp").forward(request, response);
   return ;
  }
  
  // 登陆成功 
  // 将 user 对象存入 session
  request.getSession().setAttribute("user", user);
  //跳转到首页
  response.sendRedirect("/day07");
 }
 public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  doGet(request, response);
 }
}
package cn.itcast.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LogoutServlet extends HttpServlet {

 public void doGet(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {

  // 销毁 session
  HttpSession session = request.getSession();
  
  //  session.invalidate(); // 立即销毁session  session中所有的数据都没了
  
  // 从 session 移除 user 对象
  session.removeAttribute("user");
  
  // 跳回首页
  response.sendRedirect("/day07");
 }

 
 public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  doGet(request, response);
 }

}
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
   
    <title>My JSP 'index.jsp' starting page</title>
 <meta http-equiv="pragma" content="no-cache">
 <meta http-equiv="cache-control" content="no-cache">
 <meta http-equiv="expires" content="0">   
 <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
 <meta http-equiv="description" content="This is my page">
 <!--
 <link rel="stylesheet" type="text/css" href="styles.css">
 -->
  </head>
 
  <body>
    ${user.username } , 欢迎你!!!!
    <a href="/day07/servlet/LogoutServlet">退出</a>
  </body>
</html>
防止表单重复提交注册------------------------------------------------------------------------------
分析：
为表单增加一个不重复的编号 同时将此编号添加到session中
你每次提交的时候 检查你对应的session和你表单的编号是否一致 一致 就允许你提交 你提交之后将session中的编号移除
你再提交 检查你对应的session中的编号和表单编号发现不一致了 就不让你提交

package cn.itcast.servlet;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Random;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class FormServlet extends HttpServlet {

 public void doGet(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {

  response.setContentType("text/html;charset=utf-8");
  PrintWriter out = response.getWriter();
  
  // 产生一个随机数  唯一的令牌 无法仿造
  TokenProccessor proccessor = TokenProccessor.getInstance();
  String token = proccessor.makeToken();
  
  // 做一个提交表单
  out.write("<form action='/day07/servlet/RegisterServlet' method='post'>");
  out.write("用户名 : <input type='text' name='username' /><br>");
  out.write("<input type='hidden' name='token' value="+token+" />");
  out.write("<input type='submit' value='提交' />");
  out.write("</form>");
  
  // 将Token存入 session
  request.getSession().setAttribute("token", token);
  
 }

 public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  doGet(request, response);
 }

}
package cn.itcast.servlet;

import java.security.MessageDigest;
import java.util.Random;

import sun.misc.BASE64Encoder;

public class TokenProccessor {

 // 负责产生令牌  保证唯一  单例
 private TokenProccessor(){}
 
 private static TokenProccessor instance = new TokenProccessor();
 
 public static TokenProccessor getInstance() {
  return instance;
 }
 
 // 设计一个方法产生令牌
 public String makeToken() {
  try {
   // 1. 产生一个随机数  123   769868787
   String random = new Random().nextInt(19999999)
     + System.currentTimeMillis() + "";
   // 2.统一数据的长度  采集数据的指纹  指纹算法  消息摘要  md5
   // 保证所有的数据 消息摘要都不一样   算法不可逆的
   MessageDigest msgdegest = MessageDigest.getInstance("md5");
   
   byte[] md5 = msgdegest.digest(random.getBytes());
   
   // 3. 将 md5 转为看得懂的字符   转为明文
   // base64 算法
   BASE64Encoder encoder = new BASE64Encoder();
   
   String token = encoder.encode(md5);
   return token;
  } catch (Exception e) {
   throw new RuntimeException(e);
  }
 }
 
}
package cn.itcast.servlet;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class RegisterServlet extends HttpServlet {

 public void doGet(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  
  response.setContentType("text/html;charset=utf-8");
  PrintWriter out = response.getWriter();
  // 判断是否为重复提交
  // 获得提交的token
  String token = request.getParameter("token");
  // 获得session中的token
  String sessionToken = (String) request.getSession().getAttribute("token");
  if(token==null) {
   // 意味着不是通过我们表单提交过来的  恶意提交
   out.write("对不起! 不是表单提交的数据");
   return;
  }
  if(sessionToken==null) {
   // 意味着是重复提交
   out.write("不要重复提交表单");
   return;
  }
  if(!token.equals(sessionToken)) {
   // 伪造的 token
   out.write("伪造的随机数");
   return ;
  }
  
  String username = request.getParameter("username");
  String password = request.getParameter("password");
  
  // 将数据插入数据库
  System.out.println("username=" + username);
  System.out.println("password=" + password);
  System.out.println("数据正在插入数据库.............");
  
  // 提交成功 移除 session 中的 token
  request.getSession().removeAttribute("token");
  try {
   Thread.sleep(3000);
  } catch (InterruptedException e) {
   // TODO Auto-generated catch block
   e.printStackTrace();
  }
  
  out.write("注册成功!!!");
 }

 public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  doGet(request, response);
 }

}
图片验证--------------------------------------------------------------------------------------
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>提交表单</title>
    <script type="text/javascript">
     /*
     var isCommitted = false;
     function doSubmit() {
   
      if(isCommitted) {
       // 提交过了
       alert("请不要重复提交表单");
       return false;
      } else {
       // 没提交
       isCommitted = true;
       return true;
      }
     
     }
     */
     
     function doSubmit() {
      document.getElementById("submit").disabled = 'disabled';
      return true;
     }
     
     function change() {
      // 换图片
      var imgObj = document.getElementById("myimg");
      imgObj.src = "/day07/servlet/ImageServlet?" + new Date().getTime();
      
     }
    </script>
  </head>
 
  <body style="text-align: center;">

    <form action="/day07/servlet/HandlerServlet" method="post" onsubmit="return doSubmit()">
     <table border="1" width="600px">
      <tr>
       <td>用户名</td>
       <td>
        <input type="text" name="username">
       </td>
      </tr>
      <tr>
       <td>密码</td>
       <td>
        <input type="password" name="password">
       </td>
      </tr>
      <tr>
       <td>输入验证码</td>
       <td>
        <input type="text" name="checkcode" >
        <img id="myimg" src="/day07/servlet/ImageServlet" alt="看不清,换一张" onclick="change()" />
       </td>
      </tr>
      <tr>
       <td>
        <input type="reset" value="重置">
       </td>
       <td>
        <input id="submit" type="submit" value="注册" >
       </td>
      </tr>
     </table>
    </form>
  </body>
</html>
package cn.itcast.servlet;

import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.util.Random;

import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ImageServlet extends HttpServlet {

 public void doGet(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {

  // 准备一个字符数组
  char[] buffer = "abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ0123456789".toCharArray();
  
  // 画一张图片发给ie
  // 创建一个 缓冲image
  BufferedImage image = new BufferedImage(80, 20, BufferedImage.TYPE_INT_RGB);
  
  Graphics g = image.getGraphics();
  
  // 画背景
  g.setColor(Color.WHITE);
  g.fillRect(0, 0, 80, 20);
  
  // 画框
  g.setColor(Color.BLACK);
  g.drawRect(0, 0, 79, 19);
  g.setColor(Color.BLUE);
  // 设置字体 大小
  g.setFont(new Font("黑体",Font.BOLD, 15));
  // 产生随机数 作为数组的角标
  Random r = new Random();
  StringBuilder sb = new StringBuilder();
  StringBuilder sb2 = new StringBuilder();

  for(int i=0; i<4; i++) {
   int pos = r.nextInt(buffer.length);
   char c = buffer[pos];
   sb.append(c + " ");
   sb2.append(c);
  }
  
  g.drawString(sb.toString(), 5, 15);
  
  // 获得 验证码 code
  String code = sb2.toString();
  // 存入 session
  request.getSession().setAttribute("code", code);
  
  // 设置干扰点
  // 设置颜色
  g.setColor(Color.RED);
  
  for(int i=0; i<100; i++) {
   int x = r.nextInt(80);
   int y = r.nextInt(20);
   g.fillOval(x, y, 1, 1);
  }
  
  // 将图片发给 ie
  ImageIO.write(image, "jpeg", response.getOutputStream());
  
 }

 public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  doGet(request, response);
 }

}
package cn.itcast.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class HandlerServlet extends HttpServlet {

 public void doGet(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {

  // 处理注册表单
  
  // 检查验证码
  String checkcode = request.getParameter("checkcode");
  String code = (String) request.getSession().getAttribute("code");
  
  if(checkcode==null || !checkcode.equalsIgnoreCase(code))
   request.setAttribute("message", "验证码不对!注册失败");
  else
   request.setAttribute("message", "注册成功!!!");
  request.getRequestDispatcher("/message.jsp").forward(request, response);
 }

 public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  doGet(request, response);
 }

}